| CIA |
Confidentiality |
(3, 7, 9, 19, 21-34) |
Confidentiality ensures that IoT system prohibits unauthorized entities (users and devices) from disclosing medical information (19, 20). |
| Integrity |
(3, 6, 7, 9, 19, 21-34, 36) |
Integrity refers to data completeness and accuracy in entire lifecycle of system. Integrity ensures that patients’ medical data are not manipulated or removed or corrupted by adversary leading to mistaken diagnosis or wrong prescription (6, 35). |
| Availability |
(3, 6, 7, 9, 19, 21-25, 27-29, 31-33, 36) |
Availability ensures that medical data and devices are accessible to authorized users when needed (23). It means the continuity of security services and prevention of any device failure and operational outage (37). In particular, during treatment process, when timely patients’ data should be available for physicians (6). |
| Non-CIA |
Identification and authentication |
(3, 6, 9, 19, 21, 23-26, 28-33, 40) |
Identification guarantees the identity of all the entities (patients, doctors, devices, etc.) before permitting them to interact with the resources of the IoT system (30). Authentication is the process of confirming the identity of a person or device before using of the system resources (23). Devices and applications authentication can prove the interacting system is not an adversary and data shared in networks are legal (38, 39). |
| Authorization (access control) |
(3, 6, 9, 21, 23-26, 28-31, 33, 36, 40) |
After user identity verification, access rights or privileges to resources should be determined so that different users can only access to the resources required based on their tasks (25). For example, a doctor should have more access to patient data than other health providers (40). |
| Privacy |
(3, 6, 7, 19, 21, 23, 26, 28-30, 32, 34) |
Privacy means that secretes and personal data of patients should not be disclosed without the consent (6). IoT system should be in accordance with privacy policies allowing users to control their private data (35). |
| Accountability |
(22, 25, 29, 30, 34) |
In health IoT system, accountability should ensure that the organization or individual are obliged to be answerable or responsible for their actions in case of theft or abnormal event (30, 35). |
| Non-repudiation |
(3, 9, 19, 21, 24-26, 29, 30) |
Non-repudiation ensures that someone cannot deny an action that has already been done (3). In fact, it enables the users to prove occurrence or non-occurrence of an event (19). |
| Auditing |
(21, 23, 30, 34) |
Auditing is the ability of a system to continuously track and monitor actions. In an IoT-based healthcare system, all user activities should be recorded in sequential orders such as login time to system and data modifying (21, 35). |
| Data Freshness |
(3, 6, 19, 21, 24, 30, 32, 33) |
Data freshness means that data should be recent ensuring that no old messages are replayed (3). For example, doctor needs to know the current patients information about his Electrocardiography (ECG) (6). |
